Hack In The Box Conference

Last call to Hack In The Box Conference, Kuala Lumpur, Malaysia 2005. It’s on tomorrow 28th and 29th September 2005! What you will see tomorrow?

HITB ConferenceKEYNOTE SPEAKER – Tony Chor(Group Program Manager, Microsoft Internet Explorer, Microsoft Corporation)Presentation Title: Internet Explorer Security: Past, Present and FutureMicrosoft’s Internet Explorer team is on the frontline of the battle to protect users from malware and social attacks. Tony Chor will outline threats to secure browsing, discuss Microsoft’s response with Internet Explorer for Windows XP SP2, and detail the implementation of safety features in the upcoming Internet Explorer 7.0, such as the Phishing Filter and Protected Mode (the feature formerly known as Low Rights IE).

About Tony:
Tony Chor is the Group Program Manager of the Microsoft’s Internet Explorer team. He is responsible for leading the IE team’s security response as well as for driving the design, development, and release of new versions of IE including IE 6 in XP SP2 and IE 7 for XP and Windows Vista.

Tony is a fifteen year veteran of Microsoft and has worked on a variety of projects including digital imaging in Windows Vista, MSN Explorer, Works, Encarta Online, Bookshelf, Picture It!, and Golf. He holds a B.S. in Computer Science from Stanford University.

KEYNOTE SPEAKER – Mikko Hypponen(Chief Research Officer, F-Secure Corp.)Presentation Title: Mobile MalwareThe first real viruses infecting mobile phones were found during late 2004. Since then, dozens of different viruses and Trojans – including cases like Commwarrior, Lasco and Skulls – have been found. Mobile phone viruses use totally new spreading vectors such as Multimedia messages and Bluetooth.

How exactly do these mobile viruses work? We’ll have a look at their code and discuss what factors affect their spreading speeds. Virus writers have always been trying to attack new platforms. What draws them now towards the mobile phone? Are phones as a platform simply widespread enough, or is the possibility of making easy money via phone billing systems driving this development? Where are we now and what can we expect to see in the Mobile Malware of the future?

About Mikko:

Mr. Mikko Hypponen is the Chief Research Officer at F-Secure Corp. He has been analysing viruses since 1991. He has consulted several high-profile organizations on computer security issues, including IBM, Microsoft, FBI, US Secret Service, Interpol and the Scotland Yard. Mr. Hypponen (35) led the team that infiltrated the Slapper worm attack network in 2002, took down the world-wide network used by the Sobig.F worm in 2003 and was the first to warn the world about the Sasser outbreak in 2004.

Mr. Hypponen and his team has been profiled by Wall Street Journal, Vanity Fair, New York Times and Newsweek. He has been an invited member of CARO (the Computer Anti-Virus Researchers Organization) since 1995.

Apart from computer security issues, Mr. Hypponen enjoys collecting and restoring classic arcade video games and pinball machines from past decades. He lives with his family, and a small moose community, on an island near Helsinki.

CAPTURE THE FLAG (CTF) Hacking Game
You have heard about Counter Strike game but have you heard about Hacking Game? What is CTF Games? CTF is a game attempts to test a security administrator’s ability to secure a complex system with unknown but required functionality.

While this task seems rather odd, this is similar to a day job as a security consultant:

a customer has a large dot.com site, they don t know what it does (the IT staff have all left), and they want it to be secure. And don’t turn it off, there is live traffic running on it. The HITBSecConf CtF game models this situation as follows:

· Players are provided with a table, one 5-point power outlet, and one Ethernet connection.
· Players get a class-C network address space, and all traffic coming to the player s connection is reverse-NAT’d so that the source of traffic cannot be identified. This eliminates the obvious defence of filtering all traffic from other teams using a simple firewall.
· Players are handed a reference system at the beginning of the game. The reference system is guaranteed to provide all the Services required by the Score Server. The Flags which the Score Server is looking for have already been implanted in each team’s reference system. This becomes the Home Flag of the team.
· The actual Services required by the Score Server are secret, and subject to change throughout game play.
· The reference system is riddled with security vulnerabilities, and may possibly include vulnerable Services, such as telnet and FTP.
· To score a home point, a team’s server must fully satisfy the Score Server’s requested interactions, and the team’s Flag must be intact on their server.
· To score an own3d point, the Score Server must be fully satisfied with the Services on other team’s server, the attacking team’s Flag must be present on other team s server, and the attacking team’s server must also be fully functional. This is to prevent a team from deploying only attackers, and not bothering to defend.
· To discourage DoS attacks and lazy bulk scanning, each team is charged a penalty for bandwidth coming from their connection. This penalty may include temporary disconnection from the network and thus the loss of home points as the Score Server will not be able to score the team.

Zone-H Hacking ChallengeZone-H in colaboration with the Hack in The Box crew will organize a web-based hackgame at HITBSecConf2005 in which participants will be challenged to try to beat the hackgame in the shortest possible time. The hackgame rules are fairly simple. There is a central server offering an online hackgame which is developed along three different levels. The three levels are of increasing difficulty, all of them can be beaten just using a simple web browser so there will be no need to bring your own exploits or your own laptop. Each participant has a limited amount of time to beat all three levels; upon completion of each level a separate scoring mechanism will assign to the participant some points based on a time-mission scheme.

Open-Hack sponsored by VIA Technologies
The game is simple. There will be 4 notebooks configured. Each notebook will be installed with Windows XP and setup as a stand-alone machine (no Local Area Network or Internet Access). There will be a virtual drive created with a passkey. A target document will be placed on this virtual drive. To win, a participant must be able to retrieve the stored document from the virtual drive and decrypt the contents within. Each participant will have a maximum time allocation of 60-minutes per attempt. You have unlimited attempts over the 2-day period. Be the first person to successfully defeat the PadLock system and you could walk away with some brand new IT gear worth USD5,000!!!

— Beside all that, you can meet the experience security consultants and hackers around the world, which you can’t meet in PC Fair 😛